Re: Putting together a server/network...
> Last time I checked CISCO used ssh 1.2.x or earlier. This is sort of bad in
> itself as it
> creates a false sense of security. For those using it. Really wonder why the
> powers that
be there do not move to 2.xx besides size of course? Switches IMHO mean
you don't have
to divide by hosts the bandwidth. Tools like dsniff etc have made the
other benefits < true that is if you
decide that they will protect you. Come to think of it that pretty much
covers everything;-}) To keep
on topic I suppose with OBSD at least you can use kerberized flavors.
However the true benefit of telnet
is as a diagnostic tool in environments where they will not_allow_you to
simply pull down whatever
you want. As well when this is all you have to play with; and telling
them; whoever they are that you
have a much better way to go will not give you the right to install
SSH then and there. To be fair this is
called security policy. Meaning that users are not authorized to download
and install at their leisure. ( Plus ever see how sweaty under the eyes
they get when they realize that
perhaps since American Graffiti or so their passwords have been
potentially casually snarfed?)
Then watch the beauty of the corp machine as they whisk you out of their
environment as they try to
sweep under the rugs what they have just obtained as a revelation? Then
watch as they tell your
contact and everyone around how they know security and they don't! need
U!! Then watch their
networks for a while and note that some time later they have installed
ssh 1.x.x ;-/ Mind you they
have left all the rpc ports open .. etc and you get the idea. They have
this thing called PCanywhere
for their executives of course. After all they deserve the best right?
:-} Well these things do happen.
If you have not seen this in action well I can assure you I have.
Therefore telnet is at that point the
least of their problems IMHO. Having sed all this.. One thing you can
expect in pretty much any
place is the telnet client. Therefore at least wa has learned to accept
and change when one can
sort of like Desiderata for those who like that sort of thing. Best
Regards
>
> FWIW, with a small IOS change most Cisco devices will let you ssh into
> them, thereby eliminating the risk of telnetting to a switch or router. In
> small, one-location shops this capability isn't real important, but in
> enterprise environments the ability to remotely access equipment is
> absolutely critical.
>
> I believe Extreme switches can be made to have this capability as well,
> though I've never tried it on them.
>
> - Ralph